A vulnerability analysis method based on implicit taint propagation

A technology of taint propagation and vulnerability analysis, which is applied in the field of network security, can solve problems such as failure to achieve analysis results and interruption of the analysis process, and achieve high accuracy and good analysis capabilities

Active Publication Date: 2020-08-11
INST OF SOFTWARE - CHINESE ACAD OF SCI
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Currently, browsers use Java Script technology extensively. Vulnerability attack codes use Java Script to control memory layout and overwrite control flow transfer addresses. These operations are implemented by parsing the input script string through the script analysis engine, and the input script content is not consistent with the program Direct data dependencies are generated. Existing vulnerability analysis methods are implemented based on explicit taint propagation, and only analyze data dependencies between instructions and input data. When analyzing script vulnerabilities, the analysis process will be suspended and cannot Achieve analysis effect

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A vulnerability analysis method based on implicit taint propagation
  • A vulnerability analysis method based on implicit taint propagation
  • A vulnerability analysis method based on implicit taint propagation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0032] In order to make the above-mentioned features and advantages of the present invention more comprehensible, the following specific embodiments are described in detail in conjunction with the accompanying drawings.

[0033] The present invention provides a vulnerability analysis method based on implicit taint propagation, the flow chart of which is as follows figure 1 shown, including the following steps:

[0034] 1) Use IDA Pro to statically analyze the program to be analyzed to obtain the control flow graph of the program, calculate the control dependency of each instruction in the control flow graph, and store the control dependency in a disk file; The file format can be customized by the user, and it only needs to accurately describe the control dependency.

[0035] The present invention adopts the method of writing IDA Pro plug-in, starts from the entry point of the software executable program, firstly constructs the control flow graph of the program, and there is a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a vulnerability analysis method based on implicit stain propagation. The method comprises the steps of extracting a control flow graph of a to-be-analyzed program; calculating a control dependence relationship of front and back inevitable nodes of each instruction in the control flow graph; starting the program and monitoring each instruction performed by the program; adding a return value of a monitored read data operation function called by the program to a stain record; tracking the instructions performed by the program and calculating a forward stain propagation process until an abnormity occurs in the program or an analysis process is interrupted; and if only an explicit stain propagation path obtained in the forward stain propagation calculation process exist, starting reverse backtracking by taking a control flow hijack point existing in the program as a starting point, and if the backtracking is interrupted, employing implicit stain propagation, thereby enabling a backtracking process to be carried out continuously.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a vulnerability analysis method based on implicit taint propagation. Background technique [0002] The current software vulnerability analysis mainly adopts the taint propagation analysis method, but the traditional taint propagation is usually analyzed for data dependence. It is better for file vulnerability analysis, but it cannot track browser vulnerabilities caused by Java Script and other scripts. The reason is that Script-like programs are usually executed by parsing, and in program logic, they appear as an implicit taint propagation process in which input data generates control dependencies and affects program execution. Therefore, it is necessary to improve the ability of implicit taint propagation analysis for control dependencies. [0003] The current analysis techniques based on explicit taint propagation usually use the following methods: [0004] 1. Interc...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F11/36G06F21/57
CPCG06F11/3636G06F11/366G06F21/577
Inventor 杨轶苏璞睿黄桦烽和亮
Owner INST OF SOFTWARE - CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap